Security Vulnerabilities - CVEs Published In February 2024
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-02-29
An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-02-29
An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2.
CVSS Score
8.6
EPSS Score
0.003
Published
2024-02-29
An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-02-29
An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted.
CVSS Score
9.8
EPSS Score
0.006
Published
2024-02-29
An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions.
CVSS Score
5.4
EPSS Score
0.007
Published
2024-02-29
Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. (8.5 and earlier are unaffected.)
CVSS Score
2.4
EPSS Score
0.005
Published
2024-02-29
Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name.
CVSS Score
4.8
EPSS Score
0.011
Published
2024-02-29
Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.
CVSS Score
4.3
EPSS Score
0.006
Published
2024-02-29
Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.
CVSS Score
4.3
EPSS Score
0.006
Published
2024-02-29